Malicious Packages Across Open-Source Registries: Detection Statistics And Trends (Q2 2025)
Fortinet, Monday, August 4th, 2025
In a previous blog, FortiGuard Labs highlighted a growing supply chain security trend: the use of open-source software (OSS) repositories as channels for malware distribution.
With the continued reliance on third-party packages in development workflows, threat actors are increasingly exploiting vulnerabilities in the open-source ecosystem to propagate malicious code, exfiltrate data, and cause other harm.
By leveraging our proprietary AI-powered malware detection and continuous monitoring system, FortiGuard Labs has established real-time tracking and detection of newly published packages. This ongoing, global monitoring enables us to rapidly identify emerging threats and evolving attack techniques.